March 2010 - jboss-dev-forums - Jboss List Archives

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

by Adrian Brock

Adrian Brock [http://community.jboss.org/people/adrian%40jboss.org] replied to the discussion "Testing jboss-reflect with a SecurityManager enabled" To view the discussion, visit: http://community.jboss.org/message/534062#534062 -------------------------------------------------------------- > Kabir Khan wrote: > > This has been committed against https://jira.jboss.org/jira/browse/JBREFLECT-109 https://jira.jboss.org/jira/browse/JBREFLECT-109. > > I did not need the extra permissions in ContainerTestPlugin, all that was needed was a IntrospectionEnumTestCase.properties: > > test.Permission.0=java.lang.RuntimePermission, accessClassInPackage.sun.reflect.annotation > > > > > Without that I got this > > > > java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.reflect.annotation) > at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) > at java.security.AccessController.checkPermission(AccessController.java:546) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) > at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:327) > at java.lang.ClassLoader.loadClass(ClassLoader.java:250) > at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398) > at java.lang.Class.forName0(Native Method) > at java.lang.Class.forName(Class.java:247) > at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604) > <snip/> > > at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) > at java.util.HashMap.readObject(HashMap.java:1030) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974) > at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1849) > at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) > at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) > at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947) > at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871) > at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) > at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) > at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) > at org.jboss.test.AbstractTestCase.deserialize(AbstractTestCase.java:352) > at org.jboss.test.classinfo.test.AbstractClassInfoTest.access$0(AbstractClassInfoTest.java:1) > at org.jboss.test.classinfo.test.AbstractClassInfoTest$1.run(AbstractClassInfoTest.java:100) > at java.security.AccessController.doPrivileged(Native Method) > at org.jboss.test.classinfo.test.AbstractClassInfoTest.testBasics(AbstractClassInfoTest.java:96) > at org.jboss.test.classinfo.test.ClassInfoEnumTest.testEnum(ClassInfoEnumTest.java:71) > at org.jboss.test.classinfo.test.ClassInfoEnumTest.testEnumFieldAnnotation(ClassInfoEnumTest.java:64) That actually looks like a bug to me. We are assuming that the annotations cached in InheritableAnnotationsHolder can be Serialized, but there's no guarantee in the spec that Annotations are Serializable. It just so happens that the ones Sun implements are, but it obviously fails to Serialize them if you have a SecurityManager enabled due to the package restriction. In a different JDK they might not even be Serializable. More correctly we should reget the annotations during the readObject() processing rather than serializing them, or probably, just let the the state revert back to UNKNOWN_ANNOTATIONS_*. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/534062#534062] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

by Kabir Khan

Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] replied to the discussion "Testing jboss-reflect with a SecurityManager enabled" To view the discussion, visit: http://community.jboss.org/message/534053#534053 -------------------------------------------------------------- This has been committed against https://jira.jboss.org/jira/browse/JBREFLECT-109 https://jira.jboss.org/jira/browse/JBREFLECT-109. I did not need the extra permissions in ContainerTestPlugin, all that was needed was a IntrospectionEnumTestCase.properties: test.Permission.0=java.lang.RuntimePermission, accessClassInPackage.sun.reflect.annotation Without that I got this java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackage.sun.reflect.annotation) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1512) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:327) at java.lang.ClassLoader.loadClass(ClassLoader.java:250) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at java.util.HashMap.readObject(HashMap.java:1030) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1849) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at java.util.HashMap.readObject(HashMap.java:1030) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1849) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947) at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at org.jboss.test.AbstractTestCase.deserialize(AbstractTestCase.java:352) at org.jboss.test.classinfo.test.AbstractClassInfoTest.access$0(AbstractClassInfoTest.java:1) at org.jboss.test.classinfo.test.AbstractClassInfoTest$1.run(AbstractClassInfoTest.java:100) at java.security.AccessController.doPrivileged(Native Method) at org.jboss.test.classinfo.test.AbstractClassInfoTest.testBasics(AbstractClassInfoTest.java:96) at org.jboss.test.classinfo.test.ClassInfoEnumTest.testEnum(ClassInfoEnumTest.java:71) at org.jboss.test.classinfo.test.ClassInfoEnumTest.testEnumFieldAnnotation(ClassInfoEnumTest.java:64) -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/534053#534053] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

by Adrian Brock

Adrian Brock [http://community.jboss.org/people/adrian%40jboss.org] replied to the discussion "Testing jboss-reflect with a SecurityManager enabled" To view the discussion, visit: http://community.jboss.org/message/534039#534039 -------------------------------------------------------------- > Kabir Khan wrote: > > The next problem is the Javassist version of the Field-/MethodAccessRestrictionTestCase. These fail since the javassist generated accessors (from JBREFLECT-6) are able to access private members, due to inheriting from sun.reflect.MagicAccessorImpl, so we don't get the expected exceptions when calling private members with a security manager enabled. My plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception if an attempt is made to access them if they are not public and there is a security manager present. No, if there is a SecurityManager you should do a similar check to what is done by the Reflection based api, i.e. whether the caller has the "suppressAccessChecks" permission. See ReflectionMethodInfoImpl. P.S. I don't think you've solved the whole problem, see https://jira.jboss.org/jira/browse/JBREFLECT-2 https://jira.jboss.org/jira/browse/JBREFLECT-2 e.g. the MagicAccessorImpl trick doesn't work on jrockit for classes outside the bootstrap classloader. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/534039#534039] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

by Kabir Khan

Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] replied to the discussion "Testing jboss-reflect with a SecurityManager enabled" To view the discussion, visit: http://community.jboss.org/message/534033#534033 -------------------------------------------------------------- > Kabir Khan wrote: > > My plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception if an attempt is made to access them if they are not public and there is a security manager present. Actually, I will make this behave as their reflect counterparts public static void checkAccess(MemberInfo info) { if (!info.isPublic() && System.getSecurityManager() != null) AccessController.checkPermission(new ReflectPermission("suppressAccessChecks")); } -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/534033#534033] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

[JBoss Microcontainer Development] - Testing jboss-reflect with a SecurityManager enabled

by Kabir Khan

Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] created the discussion "Testing jboss-reflect with a SecurityManager enabled" To view the discussion, visit: http://community.jboss.org/message/534031#534031 -------------------------------------------------------------- I am enabling security for jboss-reflect and going through and adding privileged blocks where needed. Currently I am using this test policy plugin public class ContainerTestPolicyPlugin extends TestsPolicyPlugin { public ContainerTestPolicyPlugin(Class<?> clazz) { super(clazz); } public PermissionCollection getPermissions(CodeSource codesource) { PermissionCollection collection = super.getPermissions(codesource); collection.add(new RuntimePermission("accessDeclaredMembers")); collection.add(new RuntimePermission("getClassloader")); collection.add(new RuntimePermission("accessClassInPackage.sun.reflect")); return collection; } } Once I'm done I'll see about adding property files for individual tests, or I might just leave this in? Anyway, the problem I am having is for the following tests: * BeanInfoUtilTestCase - which seems to assume that it will ALWAYS be able to set/get fields whether they are public or private. * Field-/MethodAccessRestrictionTestCase - which seems to assume that it can set/get private fields when there is no security manager, but not when there is one. >From what I can work out BeanInfoUtilTestCase was not written with a security manager enabled, so I will modify BeanInfoUtilTestCase to override the delegate so it will never use a security manager no matter what ContainerTest.getDelegate() does. The next problem is the Javassist version of the Field-/MethodAccessRestrictionTestCase. These fail since the javassist generated accessors (from JBREFLECT-6) are able to access private members, due to inheriting from sun.reflect.MagicAccessorImpl, so we don't get the expected exceptions when calling private members with a security manager enabled. My plan there is to modify JavassistFieldInfo and JavassistMethodInfo to throw an exception if an attempt is made to access them if they are not public and there is a security manager present. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/534031#534031] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Servlet Scanner plugin

by Remy Maucherat

Remy Maucherat [http://community.jboss.org/people/remy.maucherat%40jboss.com] replied to the discussion "Servlet Scanner plugin" To view the discussion, visit: http://community.jboss.org/message/533996#533996 -------------------------------------------------------------- I don't know. Whatever gives the best performance. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/533996#533996] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - JBREFLECT-5 - Implementing generics in JavassistClassInfo

by Flavia Rainone

Flavia Rainone [http://community.jboss.org/people/flavia.rainone%40jboss.com] replied to the discussion "JBREFLECT-5 - Implementing generics in JavassistClassInfo" To view the discussion, visit: http://community.jboss.org/message/533954#533954 -------------------------------------------------------------- > Kabir Khan wrote: > > I have fixed those errors by implementing https://jira.jboss.org/jira/browse/JBREFLECT-6 https://jira.jboss.org/jira/browse/JBREFLECT-6, so that the JavassistReflectionFactory now generates the bytecode directly. That's great! I'm curious to see some benchmark results! -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/533954#533954] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - JBREFLECT-5 - Implementing generics in JavassistClassInfo

by Kabir Khan

Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] replied to the discussion "JBREFLECT-5 - Implementing generics in JavassistClassInfo" To view the discussion, visit: http://community.jboss.org/message/533935#533935 -------------------------------------------------------------- When testing kernel with the JavassistTypeInfoFactory last week I got quite a few errors due to some tests trying to configure private members. Although the generated javassist joinpoint classes extend sun.reflect.MagicAccessorImpl so they can access private members the javassist compiler fell over when trying to compile the generated classes since they were trying to access private members. I have fixed those errors by implementing https://jira.jboss.org/jira/browse/JBREFLECT-6 https://jira.jboss.org/jira/browse/JBREFLECT-6, so that the JavassistReflectionFactory now generates the bytecode directly. There are still a few errors when running this in kernel, so I'll try to find what those are. Currently I am running this with security turned off, once that is turned on again there will be more, but I'll do what I can without security first, -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/533935#533935] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [JBoss Microcontainer Development] - Servlet Scanner plugin

by Kabir Khan

Kabir Khan [http://community.jboss.org/people/kabir.khan%40jboss.com] replied to the discussion "Servlet Scanner plugin" To view the discussion, visit: http://community.jboss.org/message/533912#533912 -------------------------------------------------------------- Is this just for Web? If not, I think it should be made possible to differentiate. -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/533912#533912] Start a new discussion in JBoss Microcontainer Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

Re: [jboss-dev-forums] [EJB 3.0 Development] - Fixing the EJB3 testsuite...

by jaikiran pai

jaikiran pai [http://community.jboss.org/people/jaikiran] replied to the discussion "Fixing the EJB3 testsuite..." To view the discussion, visit: http://community.jboss.org/message/533897#533897 -------------------------------------------------------------- r102950 contains the fix to the classpath issue https://jira.jboss.org/jira/browse/JBAS-7706?focusedCommentId=12521994#ac... https://jira.jboss.org/jira/browse/JBAS-7706?focusedCommentId=12521994#ac... -------------------------------------------------------------- Reply to this message by going to Community [http://community.jboss.org/message/533897#533897] Start a new discussion in EJB 3.0 Development at Community [http://community.jboss.org/choose-container!input.jspa?contentType=1&cont...]

14 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-dev-forums March 2010